In a blow to the cybercrime underworld, the U.S. Attorney’s Office for the Eastern District of Virginia announced the seizure of approximately 145 domains, spanning both darknet and traditional internet spaces, associated with the notorious BidenCash marketplace.
This coordinated operation, executed with support from the U.S. Secret Service, FBI, Dutch National High Tech Crime Unit, and cybersecurity firms like Searchlight Cyber and The Shadowserver Foundation, also resulted in the confiscation of cryptocurrency funds tied to illicit transactions.
BidenCash, operational since March 2022, functioned as a centralized platform for buying and selling stolen payment card data, login credentials, and server access.
Administrators charged transaction fees, enabling over 117,000 customers to traffic more than 15 million credit card numbers and personally identifiable information (PII), generating upwards of $17 million in illicit revenue.
How BidenCash Operated
The BidenCash marketplace specialized in carding—the trade of stolen credit card data—and also sold compromised credentials, including Secure Shell Protocol (SSH) access for unauthorized server entry.
To attract cybercriminals and build trust, BidenCash periodically released large datasets for free.
Notably, between October 2022 and February 2023, the marketplace published 3.3 million stolen credit card records, including sensitive data such as card numbers, expiration dates, Card Verification Value (CVV) codes, account holder names, addresses, emails, and phone numbers.
The site leveraged both clear web and dark web domains, including addresses like:
https://bidencash.bid
https://bidencash.asia
http://biden3veilozweo2xubiusixn4kbfbbih23s6xsd35bzsuaz2weiz4yd.onion
Following the takedown, these domains now redirect to a law enforcement-controlled server displaying an official seizure notice, effectively neutralizing their use for future criminal activity.
Impact, Law Enforcement Strategy, and Next Steps
The seizure of BidenCash’s infrastructure marks a major victory in the fight against cyber-enabled financial crime.
By redirecting seized domains to law enforcement-controlled servers, authorities have disrupted a major hub for carding and credential theft, reducing the risk of further victimization.
However, experts caution that many individuals whose data was sold or leaked remain vulnerable, especially if they have not updated their banking or personal information.
The operation also included the legal seizure of cryptocurrency assets, targeting the financial lifeblood of these illicit markets.
This aligns with broader law enforcement efforts to dismantle crypto-enabled criminal networks, as seen in recent global operations targeting malware-as-a-service and infostealer platforms.
Key Technical Terms and Codes
- Carding: The trafficking and unauthorized use of stolen credit card data.
- PII (Personally Identifiable Information): Data that can be used to identify individuals, such as names, addresses, and account details.
- SSH (Secure Shell Protocol): A cryptographic network protocol for secure remote server access, often sold on illicit markets for unauthorized entry.
- CVV (Card Verification Value): A security feature for credit card transactions, essential for online purchases.
- DDoS (Distributed Denial-of-Service): Attacks that overwhelm a server or network to disrupt services—a tactic sometimes used against or by illicit marketplaces.
BidenCash Marketplace by the Numbers
| Metric | Value |
|---|---|
| Operational Period | March 2022 – June 2025 |
| Domains Seized | ~145 |
| Customers | >117,000 |
| Payment Cards Trafficked | >15 million |
| Revenue Generated | >$17 million |
| Free Card Data Leaked | 3.3 million records |
| Cryptocurrency Seized | Undisclosed |
The BidenCash takedown demonstrates the increasing sophistication and international coordination of law enforcement in combating cybercrime.
While the immediate threat from this marketplace has been neutralized, ongoing vigilance and public awareness remain crucial to protect against the persistent risk of identity theft and financial fraud.